Privacy is about staying one step ahead. The team behind Firo is responsible for some of the most significant blockchain privacy protocols on record, and all that tech is distilled into Kiiro.
Lelantus Spark greatly improves over its predecessor Lelantus with flexible Spark addresses that hide all transaction amounts, are not searchable on the blockchain while allowing efficient threshold signatures and both incoming and outgoing view key support. Spark also has a modular structure allowing components to be upgraded as better technology arises while simplifying security analysis. It retains the benefits of Lelantus with no trusted setup, an easy to understand construction and based on well established cryptographic assumptions.
Lelantus Spark: Secure and Flexible Private Transactions
We propose a modification to the Lelantus private transaction protocol to provide recipient privacy, improved security, and additional usability features. Our decentralized anonymous payment (DAP) construction, Spark, enables non-interactive one-time addressing to hide recipient addresses in transactions. The modified address format permits flexibility in transaction visibility. Address owners can securely provide third parties with opt-in visibility into incoming transactions or all transactions associated to the address; this functionality allows for offloading chain scanning and balance computation without delegating spend authority. It is also possible to delegate expensive proving operations without compromising spend authority when generating transactions. Further, the design is compatible with straightforward linear multisignature operations to allow mutually non-trusting parties to cooperatively receive and generate transactions associated to a multisignature address. We prove that Spark satisfies formal DAP security properties of balance, non-malleability, and ledger indistinguishability.
Spats: user-defined confidential assets for the Spark transaction protocol.
In privacy-preserving transaction protocols, confidential asset designs permit transfer of quantities of distinct asset types in a way that obscures their types and values. Spark is a protocol that provides flexible privacy properties relating to addressing, transaction sources and recipients, and value transfer; however, it does not natively support the use of multiple confidential asset types. Here we describe Spats, a new design for confidential assets compatible with Spark that focuses on efficient and modular implementation. It does so by extending coin value commitments to bind and mask an asset type, and asserting in zero knowledge that this type is maintained throughout transactions. We describe the cryptographic components and changes to the Spark protocol necessary for the design of Spats.
Helsing: Private Masternode Staking
Helsing is a protocol extension to Spark that allows for private staking operations not requiring transparent addresses or outputs. Specifically, Helsing provides for Spark-compatible collateral staking and coinbase payouts.
Lelantus is a next-generation privacy protocol developed by Aram Jivanyan at Firo. Lelantus allows you to burn your coins, which hides them in an anonymity set of over 65,000. The receiver can redeem it from this anonymity pool, which breaks the links from your transaction and all the previous ones it has been through.
Lelantus: Private transactions with hidden origins and amounts based on DDH (Aram Jivanyan)
Lelantus is Kiiro’s next generation privacy protocol which improves on Sigma by removing the requirement of fixed denominations allowing people to burn arbitrary amounts and redeem partial amounts without revealing values or the source. Lelantus doesn’t require any trusted setup and uses only DDH assumptions. It also supports untraceable direct anonymous payments by allowing people to pass the right to redeem to someone else. Lelantus is Firo’s own innovation.
In this work, we introduce a new method of instantiating one-out-of-many proofs which reduces the proof generation time by an order of magnitude. In certain practical applications our method also helps to fasten the verification process of multiple simultaneously generated proofs. Our approach still results in shorter proofs comprised of only a logarithmic number of commitments and does not compromise the highly efficient batch verification properties endemic to the original construction. We believe this work can also foster further research towards building more efficient one-out-of-many proofs which are extremely useful constructions in the blockchain privacy space and beyond.
We believe the whole purpose of blockchain is to build systems that do not require trust, and that same principle applies to our privacy systems. This is why we built Sigma for Zcoin in 2018 which removes the requirement of a trusted setup in Zerocoin. Sigma uses 256 bit ECC curves for proof sizes of just 1.5 kB - a 17x improvement on then-current technology. Sigma was a precursor to Lelantus, and set many stepping stones to get us where we are today.
One-out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin (Jens Groth et al)
One out of Many Proofs (OOOMPs)forms the foundation of Sigma which improves on Zerocoin by removing trusted setup and reducing proof sizes. Kiiro is also applying some further efficiency modifications to the original paper. Sigma was replaced by Lelantus but the underlying OOOMPs are still used in Lelantus and Lelantus Spark.
Kiiro's Merkle Tree Proof (MTP) mining algorithm was designed to democratize mining. The MTP algorithm is memory-intensive increasing the costs of building ASICs and keeping the chain mineable by commodity hardware such as GPUs. Nodes, however, can bypass this memory requirement and verify these proofs efficiently. A Firo-sponsored audit in 2017 proved the effectiveness of this two-pronged approach. MTP has since been replaced by FiroPoW which has smaller proofs and additional ASIC resistant strategies.
MTP is the Proof of Work algorithm that Kiiro uses that promotes egalitarian mining while maintaining quick verification. The original paper had
A bounty was organized to harden MTP and also funded research to solve these issues as reflected in the linked paper. MTP was coded from the ground up by Firo and switched to the MTP algorithm in December 2018. MTP has been replaced by FiroPoW which has stronger ASIC resistance and smaller proof sizes.